Lucene search

IBM433349B9E8B6993EB84B13D36B9A97F5D638439AD4331BCFF679E8BD8C52DC65

HistoryApr 14, 2020 - 2:28 p.m.

Security Bulletin: IBM QRadar SIEM is vulnerable to privilege escalation (CVE-2020-4270)

2020-04-1414:28:48

www.ibm.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

IBM QRadar SIEM is vulnerable to privilege escalation due to weak file permissions

Vulnerability Details

CVEID:CVE-2020-4270
**DESCRIPTION:**IBM QRadar could allow a local user to gain escalated privileges due to weak file permissions.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175846 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

· IBM QRadar 7.3.0 to 7.3.3 Patch 2

Remediation/Fixes

· QRadar / QRM / QVM / QNI 7.4.0 GA (SFS)
· QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 3 (SFS)
· QRadar / QRM / QVM / QRIF / QNI 7.3.2 Patch 7(SFS)
· QRadar Incident Forensics 7.4.0 (ISO)
· QRadar Incident Forensics 7.4.0 (SFS)

NOTE: Administrators with QRadar Incident Forensics should be aware that a new ISO and SFS file are published to IBM Fix Central for QRadar Incident Forensics 7.4.0 versions

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security qradar siemeq7.3
ibm security qradar siemeq7.4

CPE	Name	Operator	Version
	ibm security qradar siem	eq	7.3
	ibm security qradar siem	eq	7.4

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for 433349B9E8B6993EB84B13D36B9A97F5D638439AD4331BCFF679E8BD8C52DC65